Static task
static1
General
Target
5362175d23c76857fef755c8d8cc980e
Size
26KB
MD5
5362175d23c76857fef755c8d8cc980e
SHA1
ceb5cfd89b6cb6a3f330fbc3e852b281bc445aa4
SHA256
e875fccbd9da0ed99d48914f0b117f24e4e522a65cb1e8584305ee7c21ee5e77
SHA512
2818d8eec29444fa475a09276bbff5dc37034322e31c045e4d4d10ea60473a86740819dc18f370cf3ce0e89072aa6036787dccf2ca1b4151a8a9fcb2b04fa852
SSDEEP
768:/nnNJZNfpQCEHI25AEnzagL+/figD2av5kXEdkozutw:vnNJZdVEoyAMH6akYEd5u
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5362175d23c76857fef755c8d8cc980e
Files
5362175d23c76857fef755c8d8cc980e.sys windows:5 windows x86 arch:x86
307d08f4cf3a596aa8595f30d30b8517
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntoskrnl.exe
ExFreePool
ZwClose
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlInitUnicodeString
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
KeServiceDescriptorTable
ZwSetValueKey
PsGetVersion
wcscat
wcscpy
ZwEnumerateKey
ZwOpenKey
ZwQueryValueKey
_except_handler3
IoRegisterDriverReinitialization
_strnicmp
strncmp
strncpy
KeDelayExecutionThread
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsCreateSystemThread
ZwDeleteValueKey
wcsncmp
wcslen
towlower
IofCompleteRequest
_wcsnicmp
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcsstr
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 800B - Virtual size: 782B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ